CVE-2026-1357 Scanner

WPvivid Backup & Migration is a plugin used in WordPress for creating backups and managing site migrations, primarily utilized by WordPress site administrators for ensuring data safety and seamless site transitions. This plugin is designed to simplify the backup process, allowing users to schedule automatic backups and restore them as needed. With its migration tools, users can easily move their sites from one hosting environment to another, ensuring business continuity and eliminating downtime during transfers. It is widely used by web developers and site owners who need reliable backup solutions and efficient migration capabilities. Overall, WPvivid Backup & Migration serves as a crucial tool for maintaining decentralized websites, saving time and reducing the risk of data loss. The plugin's intuitive interface and comprehensive features make it an integral part of WordPress site management ecosystems.

This vulnerability involves an unauthenticated arbitrary file upload, allowing attackers to upload potentially malicious PHP files to a server. Such vulnerabilities typically arise from insufficient validation and handling of file upload requests, lacking proper input sanitization and path restrictions. In this case, improper error handling in RSA decryption alongside insufficient path sanitization creates an exploit path. Attackers can exploit this to upload and execute malicious files remotely. Because the vulnerability allows execution of uploaded files, it presents a high-risk scenario for affected systems. If successfully exploited, attackers can gain unauthorized access and control over the server, leading to potential data breaches and service disruptions.

In technical terms, the vulnerability in WPvivid Backup & Migration stems from the improper error handling in RSA decryption procedures and lack of sanitization during file uploads. The vulnerable endpoint involves the `wpvivid_action=send_to_site` parameter, which can be manipulated by attackers to inject arbitrary code. This vulnerability allows uploading of PHP files as it bypasses standard input validation controls. The lack of path sanitization further contributes to the risk, enabling attackers to navigate and compromise system directories. The plugin's weak error handling and sanitization mechanisms effectively allow attackers to execute commands through the uploaded file path. Consequently, this opens up a significant attack vector, providing malicious actors an opportunity to compromise server integrity and confidentiality.

Exploitation of this vulnerability can lead to severe repercussions for affected servers. Once attackers upload their custom PHP scripts, they can execute code remotely, potentially leading to full server compromise. This may result in data manipulation or deletion, disruption of service, theft of sensitive information, and possibly usage of the compromised environment to launch further attacks. Additionally, if the attacker manages to maintain a persistent presence on the server, they could establish a foothold for continued exploitation and surveillance, causing long-term damage to infrastructure and reputation. Therefore, timely patching and vigilant monitoring are recommended to mitigate these risks.

REFERENCES

• https://vulnerabletarget.com/VT-2026-1357
• https://github.com/LucasM0ntes/POC-CVE-2026-1357
• https://www.wordfence.com/threat-intel/vulnerabilities/id/e5af0317-ef46-4744-9752-74ce228b5f37
• https://nvd.nist.gov/vuln/detail/CVE-2026-1357